Newbie - pfsense instead of consumer router?

  • Hi there ,

    I'm about to take the plunge w/ pfsense (pc engines apu3b4 + ubiquity) but want to make sure I'm not getting into more maintenance than I have time for. Long story short, the idea of separate router & APs , not having to worry about a vendor discontinuing support  and the added flexibility of pfsense (vpn client) sounds pretty good but I don't really have time to dive in the depths of things regularly. That said, I'm wondering what type of system maintenance I should expect. With the non-commercial version , are updates still available for auto updates? Is it realistic to think I'll set this up and keep it up to date via automatic channels or should I expect to deal with more serious maintenance around OS updates , separate package updates etc.?

    Any guidance would be much appreciated.


  • if your hardware is supported, then its basically plugging in a usb-drive once; hitting <enter>a few times & done
    updating is easier then on most consumer routers</enter>

  • Basic install is guided, there are some things like VPN that you need to do after the basic install and setup, plus any other features you wish to enable or modify. Once up and running and tuned to your requirements you can forget about it. There is no automatic update, there is an update status indicator on the dashboard and if your update path is set to the release versions then that does not happen that often; development branches update daily but you don't need to update there either if you don't wish to. I'm on 2.4.1 dev branch. but I only update every couple of weeks.

    pfSense in 99.999% of installations just works, quite boring really. 8)

  • installation is easy enough I guess? I mean there are countless amount of youtube you can watch how to install one.

    in terms of update, well if you update pfsense and all goes well, I guess youre fine, but there are random times that updates fail and cause one or more components of pfsense to break (which most of the time, fresh install can fix it) so remember to backup your config first before updating.

  • @sfl:

    I'm about to take the plunge w/ pfsense (pc engines apu3b4 + ubiquity)

    Just curious about the choice of APU3B4.  It says on their web site: "This board version is targeted at applications that require 2 3G / LTE modems."  If LTE is what you need, it would be worth asking about other people's experience with that.

  • LAYER 8 Global Moderator

    "but there are random times that updates fail and cause one or more components of pfsense to break"

    To be honest in all the years I have been using pfsense, I think this has happened once.. And that was when running snapshots of dev build, etc.  I can not recall ever seeing a failure of actual production release to a released version.  I think people that have seen this are on odd hardware, and or are jumping multiple versions.. Like a lot of them! ;)  from like 2.0 to 2.3, etc..  Or tried to change architecture be it on purpose or accidentally.

    But as always sure when upgrading you should take precautions.  Have a current backup of your config - and it sure doesn't hurt to have a copy of the install your running and copy of the install of the version you want to go to, etc.  So just in case its a simple matter of install and restore config.

    And you should always read the notes on the upgrade for anything that might pertain to you for specific caveats, etc.

    And should always read over the release notes for the version your going to.. Then again most of the time, click upgrade and everything works as it should.. That has been my experience… And I have been running pfsense LONG time and have gone through multiple multiple upgrades..

    Keep in mind that soho firmware updates its specific hardware!  Ie the makers of the said firmware, etc.  And even then I have seen issues..  You could always minimize the chance of hardware being an issue in your update - something odd about it, etc.  By buying official pfsense/netgate hardware from their store..  This way your sure that they have gone through multiple multiple tests of the upgrade process on that specific hardware. Before they release an upgrade.  Vs you running on some diy hardware..

    Quite often users have problems because they didn't read the changes in a version from one to next and for example ftp helper/proxy was removed - lots of threads why doesn't ftp work, etc.  Packages removed from new version, etc.  Take a few minutes to read through the changes in the new versions and the upgrade process, and you should never have any issues.. Clickity Clickity and your on the new shiny version.

  • @marjohn56:

    pfSense in 99.999% of installations just works, quite boring really. 8)

    Great, in this case boring is good :)

  • A quick update (and thank you for earlier tips). All went well with the install after resolving a quirk or two with serial connections w/o putty (if someone has a good reference on the subject I'd love to get a better understanding of how this really works under the hood seeing that I got to a workable connection by trial and error and I'm sure there's something I'm still missing as some of the menus on install don't look as the screenshots in the install guide  - maybe character sets or some other terminal related knowledge I'm too thin on … ) .  Other than that setup was as painless as it gets.

    Before I make this my full-time setup I did want to check a few things seeing as a firewall or router issue can quickly spell trouble .. .

    • I'm assuming the stock install does err on the side of caution and block incoming traffic from the WAN side unless specified otherwise. It does seem like it's the case from the looks of the webCOnfirgurator - just in case I'm missing something...

    • Boot up time. I was surprised to see how long it took for requests to respond after an inadvertent reboot . When I first setup this box I noticed that the hardware plays a little jingle once its up and that did happen a few seconds after plugging it in so at that point pf was starting up but it must have taken 5-10 minutes before any requests succeeded from a hardwired host (rules out a case of AP not getting back online); I didn't expect this long a delay, is this normal for pfsense ?  If anyone has insight as to good ways to troubleshoot this with logs it'd be great seeing as location of the pf box doesn't lend itself well to hooking up a console cable.

    Thanks again!

  • Mine takes about 2 minutes to reboot on the unit shown in my tag. Much faster if you use an i7 based running at 4Ghz. :)

    It's not a standard off the shelf router, it is loading on OS, all be it cutdown, but a couple of minutes should see it running

  • LAYER 8 Global Moderator

    Dude I don't know what hardware your running but mine was running on HP n40L (old old hardware) as a vm on esxi.. And booting the host cold and waiting for the VM didn't even take 5 minutes.. You got something wrong there that is for sure…

  • Long delays on boot are almost always caused by a DNS resolver/forwarder misconfiguration. A lot of the services that are started on boot really need a fully working network connection with working DNS.